EmergingThreats> Main Web>2006437 (2008-01-21, MattJonkman) EditAttach

#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS FireFox? Remote Command EXE News Link Detected"; flow: from_server,established; content:"news\:%"; nocase; content: "/../../"; within:30; nocase; pcre:"/(\.exe|\.bat|\.com)/i"; reference:url,xs-sniper.com/blog/remote-command-exec-firefox-2005/; classtype:web-application-attack; sid:2006437; rev:2;)

Added 2008-01-09 20:38:27 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT_EVENTS FireFox? Remote Command EXE News Link Detected"; flow: from_server,established; content:"news:%"; nocase; content: "/../../"; within:30; nocase; pcre:"/(\.exe|\.bat|\.com)/i"; reference:url,xs-sniper.com/blog/remote-command-exec-firefox-2005/; classtype:web-application-attack; sid:2006437; rev:1;)

Added 2007-07-27 05:33:11 UTC

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r2 - 2008-01-21 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats